Permissions for Akamai Control Center users are managed using scopes. Scopes are determined by a user’s name, and the terms of the contract also play a role in determining a user’s permissions
In previous Global Traffic Management releases, portal users were created with a specific role. Each role had specific access permissions associated with it that were bundled into GTM and other Akamai products. Contracts also included specific engineering products. In these versions, creating a user with specified roles in a specific contract dictated what permissions are allowed for a user.
This new GTM release is similar to past releases but permissions are replaced and simplified with scopes. In previous releases, a user’s name had a role in determining the permissions available for that name. With this release of GTM, scopes are now determined by a user’s name, and the terms of the contract also play a role in determining a user’s permissions.
- View: You can view and read about the domains but cannot save, add, or edit anything. None of the UI buttons or fields are active except for actions that only need View scope, such as viewing the domain history or downloading the domain’s configuration from the top of a domain’s page.
- Add: You can add a domain but only for those contracts in which you have an Add scope. The Add New Domain page will display and all buttons and fields are enabled in this case. If you do not have Add scope the Add New Domain page will display an error message and all buttons and tabs will be grayed out. Note that you cannot add new data centers if you have a performance plus domain with this scope. The ability to add a new data center will only be enabled if the domain is not a performance plus domain, and you have Add and Edit domain rights.
- Edit: You can perform several functions within the domain and its properties, data centers, maps, and other functions. For example, you can delete a property or create a new geographic map. You can perform create, edit, and delete functions on a domain but you cannot add a new domain or new data center with Edit scope. All UI buttons and fields are active.
There is currently no scope to delete a domain at this time. Contact Akamai Support if you need to delete a domain.
When you start GTM, it checks for all the contracts you can access as well as the features and scopes for those contracts. It determines the scopes available for each contract. The contracts returned will not be restricted by data passed from the client. The exception to this is the Add scope. This scope will only be in the scope list if the contract ID belongs to the group ID passed by the client.
To determine if you have Add scope, the contracts are checked to see if any of them have that scope. If they do have Add scope you can add domains. On the Add New Domain page the contract menu will list only those contracts that have Add scope. You will see the Contract menu even if you only have one contract. This is to let you know which contract you are adding a domain to.
Control Center scopes for GTM are controlled at the contract level. If you want one user to be able to edit one property and another user to be able to edit another property, then the two properties must belong to different GTM domains.
- Load feedback (on or off)
- Minimum allowed test interval
- Maximum allowed test timeout
- Minimum allowed TTL
- Maximum allowed TTL
- Round-robin prefix
- Maximum number of properties involved
Contact Akamai for a full list of these attributes.